Apple in macOS Big Sur 11.4 patched a zero-day vulnerability that could allow attackers to secretly take screenshots or record video of a user s screen by hijacking existing app permissions.
Apple has fixed a security vulnerability through the latest update of its macOS that earlier allowed hackers to record a victim's screen or take photos using Mac's camera.
macOS Big Sur 11.4: Here s what s new in the latest Mac update
Apple s released new Mac update. Big Sur 11.4 brings support for the new Podcasts subscription service, bug fixes and more.
| 9 hours ago
It s not long since Apple released macOS Big Sur 11.3 with a number of new features (read: What s in Big Sur 11.3) and Apple s plans for the successor to Big Sur will be unveiled at WWDC on 7 June. You might think that would mean that Apple was wrapping up development work on Big Sur, but no: Apple has just released another update to Big Sur that will bring even more new features.
Piggyback permissions
Thanks to this unique attack vector, legitimate Apple developers unwittingly distributed the malware to their users, in what security researchers opine can be referred to as a supply-chain-like attack.
Crucially, despite being outed, the authors behind the malware have been constantly updating it and more recent variants are
“When it was initially discovered XCSSET was thought to utilize two zero-day exploits.Diving further still into the malware, Jamf discovered that it has also been exploiting a third zero-day to bypass Apple’s TCC framework,” the Jamf security researchers explained in their analysis.
While dissecting the malware, Jamf researchers found that it searches for other apps on the victim’s computer that are frequently granted screen-sharing permissions.